Make base mount points shared by Zyqsempai · Pull Request #98 · rootless-containers/rootlesskit

Zyqsempai · 2020-01-07T11:25:02Z

Fixes #97

Made base mount point shared.
Signed-off-by: Boris Popovschi [email protected]

Zyqsempai · 2020-01-07T11:25:46Z

@AkihiroSuda Did you mean something like this?

AkihiroSuda · 2020-01-07T11:46:28Z

Sorry, I was talking about the rootfs.

e.g.

Run rootlesskit bash
Mount /media/cdrom as the real root
The files under /media/cdrom is invisible in the rootlesskit shell.
The files should be visible when rootlesskit was launched with some flag like --propagation=rslave.

Zyqsempai · 2020-01-07T22:52:31Z

@AkihiroSuda Ok, let's summarize a little bit:

We need new flag for rootlesskit --propagation
Possible values for flag: slave, rslave, shared. rshared, private
Based on flag value we should define mount propagation type, the only question I have, which point we should mount?

AkihiroSuda · 2020-01-08T04:31:38Z

https://github.com/karelzak/util-linux/blob/dc30fd4383e57a0440cdb0e16ba5c4336a43b290/sys-utils/unshare.c#L161-L168

Zyqsempai · 2020-01-08T09:48:06Z

@AkihiroSuda PTAL

AkihiroSuda

Unfortunately, doesn't seem working

Zyqsempai · 2020-01-08T14:01:21Z

@AkihiroSuda Yep, looks like, but I don't see where can be the problem.

findmnt -o TARGET,PROPAGATION
TARGET                                PROPAGATION
/                                     shared
├─/dev                                shared
│ ├─/dev/pts                          shared
│ ├─/dev/shm                          shared
│ ├─/dev/hugepages                    shared
│ └─/dev/mqueue                       shared
├─/run                                shared
│ ├─/run/lock                         shared
│ └─/run/user/1000                    shared
│   ├─/run/user/1000/gvfs             shared
│   └─/run/user/1000/doc              shared
├─/sys                                shared
│ ├─/sys/kernel/security              shared
│ ├─/sys/fs/cgroup                    shared
│ │ ├─/sys/fs/cgroup/unified          shared
│ │ ├─/sys/fs/cgroup/systemd          shared
│ │ ├─/sys/fs/cgroup/cpu,cpuacct      shared
│ │ ├─/sys/fs/cgroup/hugetlb          shared
│ │ ├─/sys/fs/cgroup/pids             shared
│ │ ├─/sys/fs/cgroup/net_cls,net_prio shared
│ │ ├─/sys/fs/cgroup/blkio            shared
│ │ ├─/sys/fs/cgroup/freezer          shared
│ │ ├─/sys/fs/cgroup/memory           shared
│ │ ├─/sys/fs/cgroup/devices          shared
│ │ ├─/sys/fs/cgroup/rdma             shared
│ │ ├─/sys/fs/cgroup/perf_event       shared
│ │ └─/sys/fs/cgroup/cpuset           shared
│ ├─/sys/fs/pstore                    shared
│ ├─/sys/firmware/efi/efivars         shared
│ ├─/sys/fs/bpf                       shared
│ ├─/sys/kernel/debug                 shared
│ ├─/sys/kernel/config                shared
│ └─/sys/fs/fuse/connections          shared
├─/proc                               shared
│ └─/proc/sys/fs/binfmt_misc          shared
├─/snap/core/8213                     shared
├─/snap/gnome-logs/81                 shared
├─/snap/gtk-common-themes/1353        shared
├─/snap/core18/1288                   shared
├─/snap/gnome-calculator/544          shared
├─/snap/gnome-3-28-1804/110           shared
├─/snap/gnome-characters/367          shared
├─/snap/core/8268                     shared
├─/snap/gnome-calculator/501          shared
├─/snap/core18/1279                   shared
├─/snap/gnome-3-28-1804/71            shared
├─/snap/gnome-characters/375          shared
└─/boot/efi                           shared

this what I see inside the rootlesskit shell, everything is shared.
And outside

sudo cat /proc/28338/mountinfo 
1198 994 8:20 / / rw,relatime shared:651 - ext4 /dev/sdb4 rw,errors=remount-ro

again root is shared, do you have any ideas?

AkihiroSuda · 2020-02-20T06:32:08Z

@Zyqsempai

This seems to work for your PR:

diff --git a/pkg/parent/parent.go b/pkg/parent/parent.go
index 6e7e61b..287032f 100644
--- a/pkg/parent/parent.go
+++ b/pkg/parent/parent.go
@@ -84,9 +84,8 @@ func Parent(opt Opt) error {
        }
        cmd := exec.Command("/proc/self/exe", os.Args[1:]...)
        cmd.SysProcAttr = &syscall.SysProcAttr{
-               Pdeathsig:    syscall.SIGKILL,
-               Cloneflags:   syscall.CLONE_NEWUSER,
-               Unshareflags: syscall.CLONE_NEWNS,
+               Pdeathsig:  syscall.SIGKILL,
+               Cloneflags: syscall.CLONE_NEWUSER | syscall.CLONE_NEWNS,
        }
        if opt.NetworkDriver != nil {
                cmd.SysProcAttr.Unshareflags |= syscall.CLONE_NEWNET

Signed-off-by: Boris Popovschi <[email protected]>

AkihiroSuda · 2020-02-25T02:59:43Z

@Zyqsempai Do you want to update this, or shall I carry?

Signed-off-by: Boris Popovschi <[email protected]>

Zyqsempai · 2020-02-25T11:36:52Z

@AkihiroSuda I tried your suggestion, but it looks like it's still not working, but from the opposite side, now it's always shared, and it's impossible to make it private.
I pushed it, so you can try it by your self.

AkihiroSuda · 2020-02-25T13:26:36Z

I will carry

copy-up still doesn't work: ``` $ rootlesskit --propagation=rshared --copy-up=/run echo test [rootlesskit:child ] error: failed to move mount point from /tmp/rootlesskit-b668352932 to /run/.ro159097011: invalid argument [rootlesskit:parent] error: child exited: exit status 1 ``` Signed-off-by: Akihiro Suda <[email protected]>

AkihiroSuda · 2020-02-25T14:13:22Z

carried in #109

Signed-off-by: Akihiro Suda <[email protected]>

Zyqsempai force-pushed the 97-make-mount-points-shared branch from 993eea1 to 9967590 Compare January 8, 2020 09:08

AkihiroSuda requested changes Jan 8, 2020

View reviewed changes

AkihiroSuda added this to the v0.9.0 milestone Feb 20, 2020

Added new flag for propagation

bdfda0d

Signed-off-by: Boris Popovschi <[email protected]>

Change unshared flags

831eade

Signed-off-by: Boris Popovschi <[email protected]>

Zyqsempai force-pushed the 97-make-mount-points-shared branch from 9967590 to 831eade Compare February 25, 2020 11:34

AkihiroSuda closed this Feb 25, 2020

AkihiroSuda added a commit to AkihiroSuda/rootlesskit that referenced this pull request Feb 25, 2020

follow-up to "Change unshared flags" (rootless-containers#98)

1d38e2c

Signed-off-by: Akihiro Suda <[email protected]>

AkihiroSuda mentioned this pull request Feb 25, 2020

[Carry 98] support --propagation=(rprivate|rslave) #109

Merged

AkihiroSuda added a commit to AkihiroSuda/rootlesskit that referenced this pull request Feb 25, 2020

follow-up to "Change unshared flags" (rootless-containers#98)

6252784

Signed-off-by: Akihiro Suda <[email protected]>

AkihiroSuda added a commit to AkihiroSuda/rootlesskit that referenced this pull request Feb 25, 2020

follow-up to "Change unshared flags" (rootless-containers#98)

c2a9755

Signed-off-by: Akihiro Suda <[email protected]>

AkihiroSuda added a commit to AkihiroSuda/rootlesskit that referenced this pull request Feb 25, 2020

follow-up to "Change unshared flags" (rootless-containers#98)

497352c

Signed-off-by: Akihiro Suda <[email protected]>

AkihiroSuda added a commit to AkihiroSuda/rootlesskit that referenced this pull request Feb 25, 2020

follow-up to "Change unshared flags" (rootless-containers#98)

63e09d7

Signed-off-by: Akihiro Suda <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Make base mount points shared#98

Make base mount points shared#98
Zyqsempai wants to merge 2 commits intorootless-containers:masterfrom
Zyqsempai:97-make-mount-points-shared

Zyqsempai commented Jan 7, 2020

Uh oh!

Zyqsempai commented Jan 7, 2020

Uh oh!

AkihiroSuda commented Jan 7, 2020

Uh oh!

Zyqsempai commented Jan 7, 2020

Uh oh!

AkihiroSuda commented Jan 8, 2020

Uh oh!

Zyqsempai commented Jan 8, 2020

Uh oh!

AkihiroSuda left a comment

Uh oh!

Zyqsempai commented Jan 8, 2020

Uh oh!

AkihiroSuda commented Feb 20, 2020

Uh oh!

AkihiroSuda commented Feb 25, 2020

Uh oh!

Zyqsempai commented Feb 25, 2020

Uh oh!

AkihiroSuda commented Feb 25, 2020

Uh oh!

AkihiroSuda commented Feb 25, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

Zyqsempai commented Jan 7, 2020

Uh oh!

Zyqsempai commented Jan 7, 2020

Uh oh!

AkihiroSuda commented Jan 7, 2020

Uh oh!

Zyqsempai commented Jan 7, 2020

Uh oh!

AkihiroSuda commented Jan 8, 2020

Uh oh!

Zyqsempai commented Jan 8, 2020

Uh oh!

AkihiroSuda left a comment

Choose a reason for hiding this comment

Uh oh!

Zyqsempai commented Jan 8, 2020

Uh oh!

AkihiroSuda commented Feb 20, 2020

Uh oh!

AkihiroSuda commented Feb 25, 2020

Uh oh!

Zyqsempai commented Feb 25, 2020

Uh oh!

AkihiroSuda commented Feb 25, 2020

Uh oh!

AkihiroSuda commented Feb 25, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants